* Posts by Aunty Dan

12 publicly visible posts • joined 14 Sep 2009

What weighs 800kg and runs Windows XP? How to buy an ATM for fun and profit

Aunty Dan

Even Windows XP is too advanced for some banks

About 6 or 7 years ago now, here in darkest Southern California, I was waiting in line for an ATM from a major American retail bank chain. The person in front of me appeared to be having problems and walked away in disgust. As they did so I could see the ATM had crashed and was rebooting.

At the time, never having worked in banking, I had naively assumed a modern ATM would just be a thin terminal of some kind with a custom hardware link to the cash dispensing machinery. However, not only could I see from the BIOS POST that this was a regular PC, but also that the OS it was booting was not any version of Windows at all, XP or otherwise. It was running IBM OS/2. It was not even OS/2 Warp!

This floored me for a minute until I understood the sheer brilliance of this. Whilst I don't doubt there are plenty of vulnerabilities in this dinosaur oddity of an OS, where would you go to get hacking tools for it? Could you even set up an OS/2 VM to test against it on a modern hypervisor?

Next Generation Security: No, Dorothy, there is no magic wand

Aunty Dan

Re: What about backup? Won't someone please think about backup

Thanks for correcting me, clearly I didn't read the original article closely enough!

Personally I love patch management partly because it's hard to do, so it is very rewarding when you get it right. Microsoft is Microsoft, they are the once-and-always King of FUBAR patching processes, that's all just part of the game. I was there for the release of NT4 SP6a, now that was a party!

Aunty Dan

What about backup? Won't someone please think about backup

Backup is integral to security and should not be ignored in an article like this. (Don't forget the security triad: Confidentiality, Security and Availability)

The impact of ransomware, the current IT security big/bad du jour, is greatly reduced by having properly working backup solutions for all IT components, from the desktop to the switch configurations.

Plus, yes, mostly to Anonymous Coward #3 about reducing the desktop security attack surface, but remember virus software doesn't care whether the logged-on user has local admin, or domain admin for that matter. It will just use known vulnerabilities to escalate privilege both locally and remotely to the DC. The fix for that of course is a process for patch installation and monitoring, and modern tools for achieving this were also not mentioned in this article.

View from a Reg reader: My take on the Basic Income

Aunty Dan

In the Carboniferous Epoch we were promised abundance for all,

By robbing selected Peter to pay for collective Paul;

But, though we had plenty of money, there was nothing our money could buy,

And the Gods of the Copybook Headings said: "If you don't work you die."

Then the Gods of the Market tumbled, and their smooth-tongued wizards withdrew

And the hearts of the meanest were humbled and began to believe it was true

That All is not Gold that Glitters, and Two and Two make Four

And the Gods of the Copybook Headings limped up to explain it once more.

As it will be in the future, it was at the birth of Man

There are only four things certain since Social Progress began.

That the Dog returns to his Vomit and the Sow returns to her Mire,

And the burnt Fool's bandaged finger goes wabbling back to the Fire;

And that after this is accomplished, and the brave new world begins

When all men are paid for existing and no man must pay for his sins,

As surely as Water will wet us, as surely as Fire will burn,

The Gods of the Copybook Headings with terror and slaughter return!

"The Gods of the Copybook Headings", Rudyard Kipling, 1919.

Facebook's own TLS cert used by crooks in double logon phish

Aunty Dan

This could be addressed in the browser itself

Why can't the browser itself alert the user when there is a mixture of TLS certificates from different domains on the same page? Most of them already alert if you visit a page where the TLS certificate subject name does not match the URL you have visited.
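The check suggested in the post above, as an added example that is not part of the original comment or of any browser's code: since a TLS certificate is bound to a host name, a page-level heuristic can compare the host of every HTTPS frame and subresource against the host of the top-level document and flag a framed document served under a different host, which is where a second login form would live. The page URL, resource list and the `.test` host names are constructed sample data; the "www." stripping is a simplification standing in for a proper registrable-domain comparison.

```javascript
// Added example (not from the original post or any browser): a heuristic
// approximation of "warn when a page mixes TLS certificates from different
// domains". Certificates are bound to host names, so host names are compared.

// Normalise a host for comparison: lower-case and drop a leading "www.".
// Simplification: a real implementation would compare registrable domains
// using the Public Suffix List rather than bare host names.
function normalizeHost(hostname) {
  return hostname.toLowerCase().replace(/^www\./, '');
}

// Distinct hosts that would present a certificate for the given URLs, i.e.
// the hosts of https: URLs. Non-HTTPS and malformed URLs are skipped because
// they carry no certificate at all.
function tlsHosts(urls) {
  const hosts = new Set();
  for (const u of urls) {
    let parsed;
    try { parsed = new URL(u); } catch { continue; }
    if (parsed.protocol !== 'https:') continue;
    hosts.add(normalizeHost(parsed.hostname));
  }
  return [...hosts].sort();
}

// Compare every resource's host with the top-level document's host.
// resources: [{ kind: 'frame' | 'script' | 'image' | ..., url: string }]
function mixedTlsReport(topLevelUrl, resources) {
  const top = normalizeHost(new URL(topLevelUrl).hostname);
  const frames = new Set();
  const subresources = new Set();
  for (const r of resources) {
    for (const host of tlsHosts([r.url])) {
      if (host === top) continue;
      (r.kind === 'frame' ? frames : subresources).add(host);
    }
  }
  return {
    top,
    foreignFrames: [...frames].sort(),
    foreignSubresources: [...subresources].sort(),
    // Warn only on framed documents under another host's certificate: that is
    // where a second login form can be planted, and it avoids firing on every
    // page that loads a script or image from a third-party CDN.
    warn: frames.size > 0,
  };
}

// Constructed sample: a phishing page under its own certificate that frames a
// genuine login page, plus a same-host script, a plain-HTTP image and junk.
const SAMPLE_PAGE = 'https://login-secure-example.test/fb/';
const SAMPLE_RESOURCES = [
  { kind: 'frame',  url: 'https://www.facebook.com/login.php' },
  { kind: 'script', url: 'https://login-secure-example.test/js/app.js' },
  { kind: 'image',  url: 'http://cdn.example.test/logo.png' }, // no TLS, ignored
  { kind: 'script', url: 'not a url' },                        // malformed, ignored
];

console.log(JSON.stringify(mixedTlsReport(SAMPLE_PAGE, SAMPLE_RESOURCES), null, 2));
```

Run with `node` to print the report for the constructed page: the only foreign certificate holder is the framed host, so `warn` is true; the same page with the frame removed, or a page whose frames share its own host, produces no warning. Deciding what counts as "different" is the hard part in practice: `www.facebook.com` and `facebook.com` are the same operator, while two hosts under a shared hosting domain are not, which is why a real browser check would need registrable-domain logic rather than this host-name comparison.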

Microsoft breaks own world record for IE nonsense

Aunty Dan

Plus ça change....

Absolutely nothing new under the Sun (At least when optimized for viewing with Microsoft Window Shades, naturally.)

Way back in the dim and distant past, a marginally anti-corporate US government had the temerity to prosecute Microsoft for, amongst other things, integrating Internet Explorer into the Windows Explorer shell and thus, they felt, unfairly gaining market share over their competition in the Web Browser market. (i.e. Netscape, who had the gall to actually think they'd be able to sell their product for actual money to actual people. Anyone else remember the retail boxed commercial releases of Netscape?)

Microsoft's defense argument, which was really made in an actual, grown-up court room, was that the integration made everything work faster, possibly the most obviously stupid lie the company has ever uttered in public. Anyone with the most rudimentary understanding of software can see that combining two, large complex programs like Explorer and Internet Explorer could not help but result in a sum more complex, and therefore slower, than if they had been kept separate.

Creating some kind of "native" implementation of HTML5 on Windows may enable UI components to be built out of HTML5 which may or may not be something users want, but that won't do a single thing to benefit regular web browsing.

In my experience "native" in Microsoft-speak always means "proprietary modifications designed to ensure the features we create can only benefit Microsoft paying customers, and we won't give them a choice about getting those features or not if we can possibly avoid it."

Adobe slips good-bye note to 10% of staff

Aunty Dan

Cost of severance seem very high

Picking the average of $50,000,000 from the quoted estimate of the cost of the layoffs, that works out as an average of $73,530 per terminated head-count item.

That seems to me a high figure; I wonder what the average annual salary of the down-sizees was?

Forum king vBulletin muzzles paid-up protesters

Aunty Dan

Sheer genius

"vBulletin is changing to a one-time owned license fee for each major point release. That means no more annual renewal fees." - Of course there is nothing to stop them releasing any old minor updates and calling it a "major point release" every year. This effectively makes the "permanent" license an annual support fee.

They ain't that smart though, as they've copied similar crap done by Microsoft and most especially Autodesk in this regard. Autodesk actually get away with forcing their own customers to buy Software "Maintenance" subscriptions annually just to have the legal right NOT to upgrade, and the only way to continue to buy licenses to run older versions (by "older", this means anything more than 9 months after each annual release and the announcement of the next one) is to buy the current version and ALSO buy Maintenance. Just to make this even more insulting, they cease tech support for the "obsolete" version that you are paying "Maintenance" to run!

"Once you purchase a major point version, you’ll receive maintenance, security, and minor point releases for the life of 4.x." - Just like with Autodesk you can bet they will release a new "major" version every year and then declare the previous version to be End of Life, so customers have no choice but to upgrade if they want any support.

Adobe relieves Reader and Acrobat update blues

Aunty Dan

Won't someone please think about the v8.x users?

@Andy Brown -

Full installer link (If you browse the update site with Chrome it won't try to install that stupid download manager):

http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.2/enu/AdbeRdr920_en_US.exe

However, a bigger problem for me is the v8.x update, as we have a lot of v8 installs we don't want to upgrade right now. The previous current version was v8.13, then you had to patch it to v8.16. When I follow the link for "Other operating systems" and select "XP SP3", it gives the download link to the old v8.13. You have to manually drill through the Support site to Adobe Reader and then Downloads. Even weirder, the .MSP v8.17 "update" is 32.5MB, whereas the v8.13 full .EXE installer is only 21.2MB. (Possibly because the v8.17 only seems to be available in an International all-languages version.) Still, at least it didn't ask to reboot afterwards.

Coin-sized nuclear isotope battery minted

Aunty Dan

What happens once it has run out of atomic juice?

So if they make this thing to be able to run your cellphone for a few months at a reasonable price point I can see people buying it for the convenience factor. However what happens once they run flat? Presumably the active chemical components can't be replaced or recharged, it would have to be a sealed system for safety.

So are we going to have an archeological layer of landfill full of even more toxic batteries on top of our currently growing layer of nickel cadmium?

Plus, given no one can figure out if cellphones and associated ray-blasting Bluetooth devices are even safe, do you really want to be holding a mini-nuke to your ear all day long?

Asus' Eee keyboard out next month - official

Aunty Dan

It's not a Keyboard, it's a Deck!

All they need to do is rename it the "Cyberspace 1"! I guess I can live without the 'trodes for the time being, but presumably Asus are working hard on those even as we speak.

Thus disconnects VoIP service

Aunty Dan

All your cloud services are belong to us

I guess most people don't tend to use the "cloud" moniker, but distributed VoIP (i.e. VoIP without local servers under the control of the corporation) is a cloud service, and this is one of the great vulnerabilities of cloud services. Beyond the obvious privacy issues is the fact that your SMB owner can come in one morning and find they have no phones, no email, no network file storage and no business applications because their cloud providers have simply run out of money, or been purchased by some bigger company that doesn't want your business.